The SitePoint Forums have moved.

You can now find them here.
This forum is now closed to new posts, but you can browse existing content.
You can find out more information about the move and how to open a new account (if necessary) here.
If you get stuck you can get support by emailing forums@sitepoint.com

If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Cross domain session variable problem

I am using payment pro for of PayPal in my site, in which I have used PayPal API. Basically I implement PayPal payment by uploading all pages of my site to https domain, becouse payment works in https domain only.

But I need is I need to implement by PayPal payment from http domain only, ie uploading my site to http domain. But in this scenario, session variable is used to store instantaneous shopping cart info, which is not possible to send to https domain.
So, please anybody any solution for this.

you need to manually pass the session id when crossing from http to https. however, you should only need to do this once. once the user has visited both an http page and https page which have calls to session_start() in them, they should have a cookie for both and you will no longer need to send the sid manually. you could set a flag in a session variable once you know they have a cookie for both http and https.

it can be dangerous to pass the session id in the url. read up on session hijacking to find out why.
if possible, add it as a hidden field in a form which submits via POST.